Towards a practical and secure biometric authentication system

Abstract

The idea of merging biometrics technology with cryptography brought interesting possibilities in enhancing the security and privacy of biometrics systems. Conventional systems generally require large databases, which represent a security risk and raise privacy concerns. Biometric encryption is a method devised to hide biometric features along with a cryptographic key, which could remove the need for such biometric databases. The Fuzzy Vault scheme is one of the promising candidates for biometric encryption. This thesis analyzes the scheme and attempts to provide solutions to problems impeding the system from being used in practise. We looked at the current techniques in dealing with the noise inherent in biometric templates, in particular fingerprints, and provides insight on their implication in information and biometric security. We also present two practical decoders based on the Berlekamp-Massey algorithm and the Euclidean algorithm, and provide the first implementation of a Reed-Solomon decoder for the Fuzzy Vault scheme. Our implementation results indicate that the traditional Berlekamp-Massey algorithm may not be as suitable and efficient as Gao's Reed-Solomon decoder. In our analysis, some potential vulnerabilities were also identified. In particular, the collusion attack was found to be able to seriously reduce the security of the scheme in practise and is applicable to all existing implementations. Some possible defenses against the attack such as a one-way transform of the locking set and deterministic chaff points generation were proposed.